E-Service have been exceptionally quick about posting an update on their Twitter page. However, they have not been hacked at all as it is trivially easy to forge an email message. The attachment is a malicious Excel spreadsheet which leads to the Dridex banking trojan.

So far, I have seen five different versions of the attachment, all named Invoice 10013405.XLS and with detection rates of about 8/55 [1][2][3][4][5]. Analysis of the attachments is pending, please check back later.

UPDATE

The Malwr reports for the attachment [1] [2][3][4][5] show that the macro in the spreadsheet downloads a file from the following locations: